Chris & Don,
The information was helpful.
Thanks,
t.
----- Original Message -----
From: "Chris Buechler" <cbuechler at gmail dot com>
To: "Tarun Kundhi" <tkundhi at inebraska dot com>
Cc: "m0n0wall list" <m0n0wall at lists dot m0n0 dot ch>
Sent: Wednesday, March 16, 2005 12:44 PM
Subject: Re: [m0n0wall] newbie FW and DMZ question
> On Wed, 16 Mar 2005 08:25:10 -0600, Tarun Kundhi <tkundhi at inebraska dot com>
> wrote:
>> I'm new here and trying to set up m0n0wall in my home office. The initial
>> setup and configuration went smoothly but I can't find the documentation
>> on FW rules configuration particularly with regard to DMZ zone. I assume
>> this documentation probably exists and I'm not looking in the right
>> place. I have read the quick start guide
>> (http://m0n0.ch/wall/quickstart/) and Users guide
>> (http://m0n0.ch/wall/documentation.php), but neither covers FW rules.
>>
>
> The example on this page might help (the fw rules portion).
> http://m0n0.ch/wall/docbook/examples.html#id2598130
>
>
>> I believe my goal is pretty straightforward. I have one dynamic public
>> IP address from my ISP. There are 3 NICs in my m0n0wall box, configured as
>> WAN, LAN (192.168.10.1/24) and DMZ (192.168.20.1/24). Basically I want
>> all uninitiated requests from to go to the DMZ subnet. I also don't want
>> any traffic going from the DMZ subnet to the LAN subnet. And I do want
>> the LAN to be able to get to the outside world.
>>
>
> The allow DMZ to anything but LAN is covered in the link above.
>
> I'm not sure what you mean by all uninitiated requests. Everything
> coming in from the internet? You'll want to use inbound NAT to
> specifically permit certain ports only (whatever you need). If you
> don't have a need for that inbound traffic, you should just let it
> drop at the WAN. But for example if you want to run a web server or
> mail server, then you'll want to open up the appropriate ports using
> inbound NAT. That'll be similar to the example I linked above. Let
> us know if that helps.
>
> -Chris
>
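
The policy discussed in this thread, modelled as an added example that is not part of the original messages or of m0n0wall itself. It assumes rules are checked top-down per arriving interface with first match winning and a default deny, that WAN rules see the internal address after inbound NAT, and it uses a constructed DMZ web server at 192.168.20.10 port 80; the LAN and DMZ subnets are the ones given in the thread.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.10.0/24")    # from the thread
DMZ = ip_network("192.168.20.0/24")    # from the thread
ANY = ip_network("0.0.0.0/0")
WEB = ip_network("192.168.20.10/32")   # constructed DMZ host, assumption

# Rules are keyed by the interface a packet arrives on.
# Each rule is (action, destination network, destination port or None for any).
RULES = {
    "LAN": [("pass", ANY, None)],              # LAN may reach the outside world
    "DMZ": [("block", LAN, None),              # DMZ must never reach LAN...
            ("pass", ANY, None)],              # ...but may reach anything else
    "WAN": [("pass", WEB, 80)],                # only the port opened via inbound NAT
}

# Same DMZ rules in the wrong order: the broad pass shadows the block.
MISORDERED = dict(RULES, DMZ=list(reversed(RULES["DMZ"])))


def decide(iface, dst, port, rules=RULES):
    """Return 'pass' or 'block' for a new connection arriving on iface."""
    dst = ip_address(dst)
    for action, net, rule_port in rules[iface]:
        if dst in net and rule_port in (None, port):
            return action                      # first match wins
    return "block"                             # default deny


def dmz_can_reach_lan(rules):
    """Check the first and last LAN addresses on a sample port."""
    probes = [str(LAN.network_address + 1), str(LAN.broadcast_address - 1)]
    return any(decide("DMZ", p, 445, rules) == "pass" for p in probes)


if __name__ == "__main__":
    flows = [("DMZ", "192.168.10.5", 445), ("DMZ", "198.51.100.7", 443),
             ("LAN", "198.51.100.7", 443), ("WAN", "192.168.20.10", 80),
             ("WAN", "192.168.20.10", 22), ("WAN", "192.168.10.5", 80)]
    for iface, dst, port in flows:
        print(f"{iface:>3} -> {dst}:{port:<4} {decide(iface, dst, port)}")
    print("DMZ reaches LAN (intended order):", dmz_can_reach_lan(RULES))
    print("DMZ reaches LAN (misordered):   ", dmz_can_reach_lan(MISORDERED))
```
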